Wired Intelligent Edge

 View Only
last person joined: yesterday 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution
Back to discussions
Expand all | Collapse all

Aruba CX config to replace AOS unauth-vid config

This thread has been viewed 38 times

  • 1.  Aruba CX config to replace AOS unauth-vid config

    Posted Mar 26, 2021 11:03 AM
    Situation:
    AOS 2930F Switches and CX 6200F Switches on same site. NAC with Microsoft NPS (802.1x and MAC Auth), no ClearPass!

    The AOS switches do have the following command:

    ! Assign MAC-based unauthenticated client VLAN to authenticator ports

    aaa port-access mac-based <PORT-LIST> unauth-vid <VLAN-Number>


    I cannot find that on the CX Switches. What can i do instead to get the same behavior?
    I do need a vlan assigned from the switch for clients which could not be authenticated via 802.1x or MAC Auth.


    ------------------------------
    Thomas Klein
    ------------------------------


  • 2.  RE: Aruba CX config to replace AOS unauth-vid config

    Posted Mar 26, 2021 06:32 PM
    According to Security Guide I guess it's this:

    aaa authentication port-access [critical-role|preauth-role|reject-role|auth-role]

Parameters

critical-role
Specifies the role that is applied when the RADIUS server is unreachable for authentication.

preauth-role
Specifies the role that is applied when authentication is still in progress.

reject-role
Specifies the role that is applied when authentication has failed.

auth-role
Specifies the role that is applied to authenticated clients when a specific role is not assigned in the RADIUS server.​

    Original Message


  • 3.  RE: Aruba CX config to replace AOS unauth-vid config

    Posted Mar 29, 2021 06:21 AM
    Thanks, the reject-role seems to be something i can try out.

    ------------------------------
    Thomas Klein
    ------------------------------

    Original Message


  • 4.  RE: Aruba CX config to replace AOS unauth-vid config

    Posted Mar 29, 2021 10:58 AM
    ArubaOS-CX, ArubaOS switch (now the Aruba OS), HPE Comware version 7, and Cisco IOS. In this guide On ArubaOS-CX, you configure the aforementioned components in an interface (VLAN for issue Perform an in-service system upgrade to the secondary image.  ip-sla-video receiving unauthorized BPDUs.

    ------------------------------
    Lawrence Jordan
    ------------------------------

    Original Message